From firewalls to functions and back
Ceragioli, Lorenzo;Galletta, Letterio;
2019-01-01
Abstract
Designing and maintaining firewall configurations is hard even for expert system administrators. Indeed, policies are made of a large number of rules and are written in low-level configuration languages that are specific to the firewall system in use. To simplify the work of system administrators, some authors of the present paper proposed in previous work a transcompilation pipeline and a tool that (i) extracts the meaning of a real configuration by representing it in tabular form; (ii) refactors a configuration by removing redundant rules; (iii) ports the policy from one firewall system to another. Here, we extend this pipeline by proposing a new characterization that models rulesets and firewalls as functions from packets to transformations. Transformations specify which packets are accepted by the firewall and how they are translated. Using this functional characterization we propose two new algorithms that simplify the treatment of the pipeline.

File | Size | Format |
---|---|---|
itasec19-main.pdf (not available; Type: Pre-print document; License: No license) | 418.31 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.